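<?php
// Review-submission page, part 1: validate the program id from the URL, load
// the matching paddata record and read the posted form fields.
//
// $dbhost, $userid, $userpassword, $dbname, $cssfile, $sitename and $sitemail
// are not assigned anywhere in the visible page; presumably header.inc defines
// them - confirm.
// NOTE(review): if header.inc holds the database password, make sure the web
// server never serves *.inc files as plain text.
// NOTE(review): header() and session_start() below only work before any output
// has been sent - confirm header.inc prints nothing.
 include("header.inc");
// Requesting URL data
$progid = isset($_GET["progid"]) ? $_GET["progid"] : "";
// Accept decimal digits only. intval() on its own is not a validator: it reads
// the leading digits and ignores whatever follows, so a value with trailing
// text would pass the check and then reach the SQL query and the HTML output.
if(!is_string($progid) or !preg_match('/^[0-9]+\z/', $progid) or !intval($progid)) { // If progid is not specified or contains wrong data
	header("Location: /"); // Redirecting to the main page
	exit;
}
$progid = intval($progid); // Canonical integer form for SQL, links and e-mail
// Connecting to database
if(!($link_id = mysql_connect($dbhost, $userid, $userpassword))) {
	// Keep the driver's error text in the server log instead of showing it to visitors
	error_log("Review page: database connection failed: " . mysql_error());
	die("<p><b>Error connecting to the database server.</b></p>\n");
}
mysql_select_db($dbname);
// Receiving the required information from paddata
$result = mysql_query("SELECT * FROM paddata WHERE progid='$progid'", $link_id);
// A failed query returns false; do not hand that to the fetch/free calls
$query = $result ? mysql_fetch_array($result) : false;
if($result) {
	mysql_free_result($result);
}
if(empty($query)) { // If there was no such entry in database
	header("HTTP/1.0 404 Not Found"); // Answering with a 404 status (not a redirect)
	die("<p><b>No such entry in database!</b></p>\n");
}
$contactname  = htmlspecialchars($query["contactname"]);
$email        = $query["email"];
$title        = htmlspecialchars($query["title"]);
$version      = htmlspecialchars($query["version"]); // Escaped because it is echoed as part of $fulltitle
$category     = $query["category"]; // Raw value; it must be HTML-escaped at the point where it is printed
$keywords     = str_replace(",",", ",htmlspecialchars($query["keywords"]));

// Establishing the displaying of software title with version
$fulltitle = $title . " " . $version;

// Requesting form data. A missing field, or one sent as an array, becomes an
// empty string so the string handling further down always receives a string.
$posted = array();
foreach(array("name", "rating", "comment", "securitycode", "submit") as $field) {
	$posted[$field] = (isset($_POST[$field]) and is_string($_POST[$field])) ? $_POST[$field] : "";
}
$username     = $posted["name"];
$userrating   = $posted["rating"];
$usercomment  = $posted["comment"];
$securitycode = $posted["securitycode"];
$submit       = $posted["submit"];

if($submit) {
	session_start();
	if(!isset($_SESSION["SecurityCode"])) { // If no security code on server generated (illegal access)
		die ("<p><b>Illegal form access!</b></p>\n");
	}
}
?>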
<link rel="stylesheet" type="text/css" href="<?php echo $cssfile; ?>">
<script language="javascript">
<!--
/**
 * Pre-submit check for the "revpost" review form.
 *
 * Stops at the first field that fails, shows the matching message, moves the
 * focus to that field and returns false; returns true when every check passes.
 * This runs in the browser only and can be skipped by the client, so the
 * server-side handler has to enforce the same rules again.
 */
function formcheck() {
	var form = document.revpost;

	// Report one failed check: message first, then focus, then cancel the submit.
	function reject(field, message) {
		alert(message);
		field.focus();
		return false;
	}

	if (form.name.value == "") {
		return reject(form.name, "You did not enter your name!");
	}
	// Index 0 is the "< Select >" placeholder option.
	if (form.rating.selectedIndex == 0) {
		return reject(form.rating, "You did not rate the software!");
	}

	var commentLength = form.comment.value.length;
	if (commentLength < 10) {
		return reject(form.comment, "Please enter at least 10 characters in comment text field!");
	}
	if (commentLength > 1000) {
		return reject(form.comment, "Please enter at most 1000 characters in comment text field!");
	}

	if (form.securitycode.value == "") {
		return reject(form.securitycode, "You did not enter the security code!");
	}
	return true;
}
//-->
</script>
<table bgcolor="White" width="980" align="center">
<tr><td width="180" valign="top">
<table width=180 border=0 cellpadding=0 cellspacing=0 background="images/middle.gif">
          <tbody>
            <tr>
              <td height="2" class="table-top"></td>
            </tr>
            <tr>
              <td align=left valign=top class="left">
<?php
// Category sidebar. $which_class is assigned immediately before the include,
// presumably so categories1.inc can read it - confirm.
// NOTE(review): the value is hard-coded here and does not follow the
// category of the program being reviewed.
$which_class = 'Audio & Multimedia';
include_once 'categories1.inc';
?>
</td>
            </tr>
            <tr>
              <td height="8" class="table-bottom"></td>
            </tr>
          </tbody>
        </table>
      <br>
        <table width=180 
            border=0 align="center" cellpadding=0 cellspacing=0 
            background="images/middle.gif">
          <tbody>
            <tr>
              <td width="8" height="2" class="table-top"></td>
              <td width="172" class="table-top"></td>
            </tr>
            <tr>
              <td align=left valign=center class="left-rss">:<br>
                  <br>
                  <p></p>
                <p></p></td>
              <td align=left valign=center class="left-rss"><span class="left-b"><img src="images/rss.gif" width="36" height="14">RSS Feeds</span><br>
                <img src="images/rss-1.gif" alt="new" width="14" height="14"><a href="rss.php">New Releases and Updates</a><br>
                  <img src="images/rss-1.gif" alt="new" width="14" height="14"><a href="rss.php?feed=popular">Most Popular Software</a><br>
                  <img src="images/rss-1.gif" alt="new" width="14" height="14"><a href="rss.php?feed=rating">Top Rated Software</a></td>
            </tr>
            <tr>
              <td height="8" colspan="2" class="table-bottom"></td>
            </tr>
          </tbody>
        </table>
&nbsp;</td>
<td valign="top">
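<?php

// Breadcrumb trail: C: \ category \ subcategory \ program title \ Write Review.
// $category is split on "::" below, so it apparently has the form
// "Category::Subcategory".

// URL form of the category for the link targets. rawurlencode() leaves only
// characters that are safe inside a double-quoted href attribute.
$xcat  = rawurlencode($category);
$cmach = explode("%3A%3A", $xcat);

// Display form of the category. Every part is HTML-escaped in full: replacing
// only " & " would let any other markup stored in the category field reach
// the page. ISO-8859-1 is named so bytes above 0x7F pass through unchanged.
$cdisp = explode("::", $category);
foreach(array_keys($cdisp) as $i) {
	$cdisp[$i] = htmlspecialchars($cdisp[$i], ENT_QUOTES, "ISO-8859-1");
}

// Only the integer value of the program id is written into the link.
$progidnum = intval($progid);

$crumbs  = "<b><a href=\"/\">C:</a></b>";
$crumbs .= " \\ <b><a href=\"index02.php?which_class=" . $cmach[0] . "\">" . $cdisp[0] ."</a></b>";
if(isset($cdisp[1])) { // A category without "::" has no subcategory crumb
	$crumbs .= " \\ <b><a href=\"index02.php?which_class=" . $xcat . "\">" . $cdisp[1] ."</a></b>";
}
// $fulltitle is emitted as-is and must already be HTML-escaped where it is assembled.
$crumbs .= " \\ <b><a href=\"index04_p_" . $progidnum . ".html\">" . $fulltitle ."</a></b>";

echo "<table align=\"center\" width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"4\">\n";
echo "<tr>\n<td>\n";
echo "<p>" . $crumbs . " \\ <b>Write Review</b></p>\n";
echo "</td>\n</tr>\n</table>\n<br>\n";
?>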
<p><b>Please note:</b></p>
<p>Your post will appear online immediately after submission and notification email will be sent to the software author. By clicking the "Submit" button you agree to follow the posting tips and rules below and are stating your agreement to our <a href="privacy.php">privacy statement</a>. We reserve the right to remove any comments without notice.</p>

<p><b>Posting tips and rules:</b></p>
<li>Try to be objective and constructive in your comments.</li>
<li>Give suggestions on how it can be improved.</li>
<li>Give tips and hints on how to use this product.</li>
<li>Do NOT use offensive or hurtful language.</li>
<li>Do NOT post two or more similar comments for the same product.</li>
<li>Do NOT post commercial advertisements.</li>
<br>
<br>
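<?php
// Review form handler. On first load ($submit empty) the empty form is
// printed. Otherwise the posted values are validated, the review is stored in
// usrreviews and a notification e-mail is sent (to the author on success, to
// the site address on failure).
//
// Everything that came from the request is treated as untrusted: it is
// escaped for SQL before the INSERT and escaped for HTML before it is echoed.

// Only the integer value of the program id is used in SQL, links and e-mail.
$progidnum = intval($progid);

if(empty($submit)) {
	// $PHP_SELF lands inside an HTML attribute, so it is escaped here.
	echo "<form name=\"revpost\" action=\"" . htmlspecialchars($PHP_SELF) . "?progid=" . $progidnum . "\" method=\"post\" onsubmit=\"return formcheck()\">\n";
	echo "<table class=\"tvisible\" align=\"center\" width=\"440\" cellspacing=\"0\" cellpadding=\"4\">\n";
	echo "<tr>\n";
	// $fulltitle is emitted as-is and must already be HTML-escaped where it is assembled.
	echo "<th class=\"cat_0_expanded\" colspan=\"2\">Write your review for " . $fulltitle . "</th>\n";
	echo "</tr><tr>\n";
	echo "<td class=cat_0_expanded><label for=\"name\"><p><b>Your Name:</b></p></label></td>\n";
	echo "<td><input type=\"text\" class=\"text\" name=\"name\" size=\"35\" maxlength=\"50\"></td>\n";
	echo "</tr><tr>\n";
	echo "<td class=\"cat_0_expanded\"><label for=\"rating\"><p><b>Your Rating:</b></p></label></td>\n";
	echo "<td><p><select name=\"rating\" id=\"rating\" size=\"1\">\n";
	echo "<option value=\"0\" selected>&lt; Select &gt; &nbsp; &nbsp;</option>\n";
	echo "<option value=\"1\">1 - Awful</option>\n";
	echo "<option value=\"2\">2 - Poor</option>\n";
	echo "<option value=\"3\">3 - Usable</option>\n";
	echo "<option value=\"4\">4 - Good</option>\n";
	echo "<option value=\"5\">5 - Excellent</option>\n";
	echo "</select></p></td>\n";
	echo "</tr><tr>\n";
	echo "<td class=\"cat_0_expanded\"><label for=\"comment\"><p><b>Your Comment:</b><br><small>(no HTML tags, 1000 Chr. Max)</small></p></label></td>\n";
	echo "<td><textarea name=\"comment\" rows=\"5\" cols=\"28\"></textarea></td>\n";
	echo "</tr><tr>\n";
	echo "<td class=\"cat_0_expanded\"><label for=\"securitycode\"><p><b>Security Code:</b><img src=\"codeimg.php\" width=\"44\" height=\"14\" border=\"0\" alt=\"Security Code\"></p></label></td>\n";
	echo "<td><input type=\"text\" class=\"text\" name=\"securitycode\" id=\"securitycode\" size=\"12\" maxlength=\"4\"></td>\n";
	echo "</tr><tr>\n";
	echo "<td class=\"cat_0_expanded\"><p><b>Submit:</b></p></td>\n";
	echo "<td><input type=\"submit\" class=\"button\" name=\"submit\" value=\"   Submit   \">&nbsp; &nbsp; &nbsp;<input type=\"reset\" class=\"button\" value=\"   Reset   \"></td>\n";
	echo "</tr>\n</table>\n</form>\n<br>\n";
}
else {
	// Processing received data
	$bad = ""; // Start empty so the appends below never touch an undefined variable
	if(empty($username)) { // If the name field is empty
		$bad .= "You did not enter your name!<br>";
	}
	// The rating is stored and echoed, so it is reduced to an integer and
	// limited to the 1-5 range the form offers.
	$userrating = intval($userrating);
	if($userrating < 1 or $userrating > 5) { // If the rating is not set
		$bad .= "You did not rate the software!<br>";
	}
	if(empty($usercomment)) { // If the comment field is empty
		$bad .= "You did not enter your comment!<br>";
	}
	if(empty($securitycode)) { // If the security code field is empty
		$bad .= "You did not enter the security code!<br>";
	}
	// Strict string comparison: a loose != treats numeric-looking strings such
	// as "0123" and "123" as equal.
	$expectedcode = isset($_SESSION["SecurityCode"]) ? (string) $_SESSION["SecurityCode"] : "";
	if($expectedcode === "" or (string) $securitycode !== $expectedcode) { // If the security code does not match the generated one
		$bad .= "The security code is wrong!<br>";
	}
	// NOTE(review): wrong guesses are not counted or limited here; the code is
	// at most 4 characters long (maxlength on the input field).
	if($bad) { // If there was any problem with filling the form
		echo "<h2 class=\"red\">" . $bad . "</h2>\n";
		echo "<p><b>Please go <a href=\"javascript:history.back()\">Back</a> and fill the form correctly.</b></p>\n";
	}
	else { // Form is OK
		// A solved code is valid for one post only, so it cannot be replayed.
		// NOTE(review): presumably codeimg.php stores a fresh code each time the
		// image is requested - confirm.
		unset($_SESSION["SecurityCode"]);

		$useripaddr  = (string) getenv("REMOTE_ADDR"); // Getting user IP address

		// Processing entered data
		// Undo magic_quotes_gpc where it is active, so the values are escaped
		// exactly once below.
		if(function_exists("get_magic_quotes_gpc") and get_magic_quotes_gpc()) {
			$username    = stripslashes($username);
			$usercomment = stripslashes($usercomment);
		}
		$username    = substr($username,0,50);
		$usercomment = substr($usercomment,0,1000);

		// SQL context: escape every string value that goes into the statement
		$sqlusername    = mysql_real_escape_string($username, $link_id);
		$sqlusercomment = mysql_real_escape_string($usercomment, $link_id);
		$sqluseripaddr  = mysql_real_escape_string($useripaddr, $link_id);

		// HTML context: the name is echoed back to the visitor. ISO-8859-1 is
		// named so bytes above 0x7F pass through unchanged.
		$htmlusername = htmlspecialchars($username, ENT_QUOTES, "ISO-8859-1");

		$result = mysql_query("INSERT INTO usrreviews (progid, useripaddr, revtime, username, userrating, usercomment) VALUES ('$progidnum', '$sqluseripaddr', now(), '$sqlusername', '$userrating', '$sqlusercomment')", $link_id);
		if($result) {// If data has been added
			// 1. Displaying OK message
			// $refresh is built here but not echoed in this block.
			// NOTE(review): presumably it is consumed elsewhere - confirm.
			$refresh = "<meta http-equiv=\"Refresh\" content=\"3; url=reviews_p_" . $progidnum . ".html\">\n";
			echo "<h2 class=\"green\">Dear " . $htmlusername . ",<br>\n";
			echo "Your review has been posted. Your rating: " . $userrating . ". Thank You!<br></h2>\n";
			echo "<p>You can view posted reviews related to " . $title . " <a href=\"reviews_p_" . $progidnum . ".html\">here</a>.</p>\n";

			// 2. Sending OK email to author and to me (in Bcc)
			// The recipient and subject come from the database record; line
			// breaks are removed so they cannot add extra mail headers.
			$to       = str_replace(array("\r", "\n"), "", $email);
			$subject  = str_replace(array("\r", "\n"), " ", $title . " has been reviewed at " . $sitename);
			$message  = "Dear " . $contactname . "!\r\n\r\n";
			$message .= "Your software, " . $title . " (Program ID: " . $progidnum . "), has been reviewed at " . $sitename . ".\r\n";
			// NOTE(review): HTTP_HOST is taken from the request's Host header;
			// prefer a configured site host so the link mailed to the author
			// always points at this site.
			$message .= "You can view posted reviews related to " . $title . " on http://" . $_SERVER['HTTP_HOST'] . "/reviews_p_" . $progidnum . ".html\r\n\r\n";
			$message .= "User Name: " . $username . "\r\n";
			$message .= "User IP Address: " . $useripaddr . "\r\n";
			$message .= "User Rating: " . $userrating . "\r\n\r\n";
			$message .= "User Comment:\r\n" . $usercomment . "\r\n\r\n";
			$message .= "Kind regards,\r\n\r\n";
			$message .= $sitename . " webmaster\r\n";
			$headers  = "From: \"" . $sitemail . "\"<" . $sitemail . ">\r\n";
			$headers .= "Reply-To: \"" . $sitemail . "\"<" . $sitemail . ">\r\n";
			$headers .= "Bcc: " . $sitemail . "\r\n";
			$headers .= "Content-Type: text/plain; charset=windows-1252";
			// Sending stays best-effort, but a failure is at least logged
			if(!@mail($to, $subject, $message, $headers)) {
				error_log("Review page: notification e-mail could not be sent for program " . $progidnum);
			}
		}
		else { // If data adding failed
			// The driver's error text can contain parts of the statement, so it
			// goes to the log and to the site address, not to the visitor.
			$dberror = mysql_error();
			error_log("Review page: INSERT into usrreviews failed: " . $dberror);

			// 1. Displaying error message
			echo "<h2 class=\"red\">Dear " . $htmlusername . ",<br>\n";
			echo "Sorry, an error occured while updating database:<br></h2>\n";
			echo "<p><b>Please go <a href=\"javascript:history.back()\">Back</a> and try again later.</b></p>\n";

			// 2. Sending error email to me only
			$to       = $sitemail;
			$subject  = str_replace(array("\r", "\n"), " ", "Error posting review for " . $title . " at " . $sitename);
			$message  = "An error occured while posting a review for " . $title . " (Program ID:" . $progidnum . ") at " . $sitename . "\r\n\r\n";
			$message .= "Database error: " . $dberror . "\r\n\r\n";
			$message .= "User Name: " . $username . "\r\n";
			$message .= "User IP Address: " . $useripaddr . "\r\n";
			$message .= "User Rating: " . $userrating . "\r\n\r\n";
			$message .= "User Comment:\r\n" . $usercomment . "\r\n\r\n";
			$headers  = "From: \"" . $sitemail . "\"<" . $sitemail . ">\r\n";
			$headers .= "Reply-To: \"" . $sitemail . "\"<" . $sitemail . ">\r\n";
			$headers .= "Content-Type: text/plain; charset=windows-1252";
			if(!@mail($to, $subject, $message, $headers)) {
				error_log("Review page: error e-mail could not be sent for program " . $progidnum);
			}
		}
	}
}
// Disconnect from database
mysql_close($link_id);
?>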
<br>

</td><td class="tbody" width="182">
<table class="tvisible" align="center" width="100%" border="1" cellspacing="0" cellpadding="0">
<tr>


</tr>
</table><br>

</td>
</tr>
</table>
</td><td class="tbody" width="182">

</td></tr></table>
<?php
// Page footer, pulled in at most once.
// NOTE(review): the file name is spelled 'fooder.inc' - confirm that it
// matches the file on disk.
include_once 'fooder.inc';
?>